Method for making secure the pre-initialising phase of a silicon chip integrated system, in particular a smart card and integrated system therefor

ABSTRACT

The invention concerns the securing of the pre-initialization phase of a smart card (CP) with a mutual authentication of this card (CP) storing a symmetric secret key (K_(M)) and an asymmetric public key (n), and a security device (3) storing the same secret key (K_(M)) and the asymmetric secret key (K_(pq)) corresponding to the public key (n). The card (CP) and the device (3) supply random numbers (N_(aC)). The device (3) is authenticated by transmitting to the card (CP) a cryptogram (SR) derived from the two random numbers using an asymmetric algorithm. The card (CP) is authenticated by calculating a secret session key derived from the random number (N_(aC)), using a symmetric algorithm and the secret key (K_(M)), and by transmitting to the device (3) a cryptogram (CC) derived from the second random number, using the symmetric algorithm and the session key. The dedicated key (K_(F)), encrypted by the session key (K_(S)), is transmitted to the card.

[0001] The invention relates to a method for securing a predetermined operation, particularly the pre-initialization phase of an embedded microchip system, through the secure loading of a dedicated-use encryption key.

[0002] It applies more particularly to a smart card.

[0003] The invention also relates to an embedded system for implementing the method.

[0004] In the context of the invention, the term “pre-initialization” is meant in a general sense. It particularly relates to the manufacturing phase of a traditional smart card, or to the phase preceding the initialization phase of a so-called open smart card.

[0005] Likewise, the term “embedded system” refers to various systems or devices having in common the fact of using a microchip comprising data storage and data processing means, generally constituted by a microprocessor or a microcontroller. Such an embedded system can be constituted, in particular, by a smart card.

[0006] To illustrate the concept, we will consider hereinafter the preferred application of the invention, i.e., the pre-initialization of a smart card.

[0007] In most smart card-based applications, various functions related to security are devolved to the smart cards. This term itself covers various concepts: confidentiality, authentication, etc.

[0008] For this reason, written into a nonvolatile part of the aforementioned storage means of the microchip, in permanent (using “Read Only Memory” or “ROM”), or semi-permanent (“Electrically Erasable Programmable Read Only Memory” or “EEPROM”) fashion, is so-called secret data required for these functions: encryption algorithm, secret encryption keys, identification data, etc.

[0009] Among this data, there is a so-called fabrication key that traditionally makes it possible to secure all of the steps for pre-initializing the smart card.

[0010] Normally, the manufacture of a smart card takes place in two main phases. During the first phase, a microchip is manufactured by a first entity, which will hereinafter be called the “chip manufacturer.” During a second phase, this microchip is packaged, then integrated into a substrate, i.e. an approximately rectangular piece of plastic, which constitutes the smart card per se. This operation is generally performed by a second entity, different from the first, which will hereinafter be called the “card manufacturer.”

[0011] A third entity, which will hereinafter be called a “pre-personalizer,” performs the aforementioned pre-initialization operation.

[0012] In the prior art, almost systematically, the fabrication key that secures all of the steps in the pre-initialization of a smart card is written in unencrypted form, and without prior authentication by the card manufacturer. This operating mode poses several problems:

[0013] if cards are stolen during their transport from the chip manufacturer to the card manufacturer, there is no guaranteed software security: the cards can be preinitialized fraudulently and then used maliciously;

[0014] a defrauder producing a card that is in any way cloned can insert it into the card-making chain without being detected; and

[0015] simple online espionage makes it possible to obtain the fabrication key, transmitted in unencrypted fashion.

[0016] One solution would be to have the fabrication key written by the chip manufacturer during a so-called probe operation, but this solution is very costly, since the secret data must be changed for each card (non-static data), which moreover is detrimental to the production rate of the chip manufacturer. This costly method is therefore not realistic, and because of this, is practically never implemented.

[0017] The object of the invention is to eliminate the drawbacks of the devices of the prior art, some of which have just been mentioned.

[0018] To this end, according to a first advantageous characteristic of the invention, the writing of the fabrication key is protected by a mutual authentication between an element known as a “SAM” (for “Security Access Module”) and the smart card, in order to guard against the use of a phony “SAM” module, or of a cloned smart card or even one having a falsified ROM or other nonvolatile memory. Hereinafter, for simplification purposes, this module will be called “SAM.” It can be hosted in a microcomputer or a smart card, for example. Generally, the “SAM” can be defined as being a “key holding” element. In essence, it stores a secret key that is never divulged, in the sense that it is not communicated to the outside world. It is used to calculate other keys that allow the aforementioned mutual identification.

[0019] The authentication of the “SAM” by the smart card uses an asymmetric encryption algorithm. It can be, for example, the algorithm widely used in the field of banking applications and known by the abbreviation “RSA” (for “Rivest, Shamir and Adleman,” the designated inventors in U.S. Pat. No. 4,405,829A). However, since a smart card is only equipped with limited computing resources, it is preferable to use the so-called “Rabin” algorithm for this purpose. In fact, in the latter case, less computing power is required, which is more suitable for the specific characteristics of a smart card or similar type of device. Also, hereinafter, without in any way limiting the scope of the invention, the asymmetric algorithm used will be considered to be the “Rabin” algorithm.

[0020] As for the authentication of the smart card by the “SAM” module, it is advantageously based on a symmetric algorithm, preferably of the so-called “Triple DES” (“Data Encryption System”) type.

[0021] By using the Rabin algorithm for the authentication of the “SAM” by the smart card and the “Triple DES” algorithm for the authentication of the smart card by the “SAM,” the use of a cryptoprocessor is not necessary in order to implement the security mechanism, which is also advantageous in the context of the applications envisaged by the invention.

[0022] The method according to the invention then allows the authenticated “SAM” to load the fabrication key securely into the smart card, which is itself authenticated.

[0023] Hence, the main subject of the invention is a method for secure loading of a key dedicated to securing a predetermined operation into storage means of a microchip of an embedded system, said dedicated key being contained in a security device that includes means for two-way communication with said microchip, characterized in that, said storage means of said microchip storing a symmetric secret encryption key and an asymmetric public key and said security device storing the same symmetric secret encryption key and the asymmetric secret key corresponding to the public key of said microchip, it comprises:

[0024] a first phase consisting in the authentication of said security device by said microchip and comprising the steps for the generation by the microchip of a first random number and its transmission to the security device, the generation by the latter of a second random number and a first cryptogram from said first and second random numbers by applying an asymmetric signature algorithm using said asymmetric secret key, and its transmission to said microchip in order to perform said authentication of it by verification using said public key;

[0025] a second phase consisting in the authentication of said microchip and comprising the steps for the generation by the microchip and said security device of a secret, so-called session key from said first random number, by applying a symmetric encryption algorithm using said secret encryption key, followed by the generation of a second cryptogram by applying a symmetric encryption algorithm using said secret session key and its transmission to said security device in order to perform said authentication by verification using said session key; and

[0026] a phase for transferring said dedicated key, encrypted by said secret session key, into said storage means of said microchip.

[0027] Another subject of the invention is an embedded microchip system for implementing the method.

[0028] The invention will now be described in greater detail by referring to the attached drawings, in which:

[0029] FIG. 1 schematically illustrates an exemplary configuration of the memory of a smart card according to one aspect of the invention, for the storage of a public key;

[0030] FIG. 2 schematically illustrates the main exchanges of information for the mutual authentication of a so-called “SAM” key-holding module and a smart card, according to the method of the invention;

[0031] FIG. 3 illustrates an example of concatenated data used to calculate a Rabin signature on random numbers respectively generated by the smart card and the “SAM” module, according to an aspect of the method of the invention;

[0032] FIG. 4 illustrates, in an example, the generation of a session key in the smart card, according to an aspect of the invention;

[0033] FIG. 5 illustrates, in an example, the generation of a cryptogram in the smart card, according to an aspect of the invention; and

[0034] FIG. 6 illustrates an example of concatenated data used to calculate a Rabin signature, calculated by the SAM on the command for loading the fabrication key before it is transferred, encrypted, into the smart card.

[0035] Hereinafter, without in any way limiting its scope, we will concentrate on the context of the preferred application of the invention, unless otherwise indicated, i.e., the securing of the pre-initialization phase of a smart card.

[0036] The method according to the invention, from the point of view of the smart card and the “SAM” module, requires a symmetric secret key that will hereinafter be called the master key K_(M). This key K_(M) must be present when the microchip, or “chip,” leaves the entity that is called the “chip manufacturer.”

[0037] The storage of this key K_(M) takes place in a nonvolatile part of the memory with which the microchip is equipped: a permanent memory of the ROM type, or semipermanent memory of the EEPROM or a similar type.

[0038] In a preferred variant of embodiment of the invention, and according to a first characteristic, the key K_(M) is “probe” written into EEPROM by the chip manufacturer. The bytes that compose the key K_(M) are extremely sensitive data and must be treated as security bytes. Storage in EEPROM allows this key K_(M) to be diversified for several batches of cards.

[0039] The method according to the invention, from the smart card point of view, also requires an asymmetric public key that will hereinafter be called the asymmetric public key n. This key, set for all the cards, must be present when the microchip or chip leaves the entity called the “chip manufacturer.”

[0040] The storage of this key n takes place in a nonvolatile part of the memory with which the microchip is equipped: a permanent memory of the ROM type and/or semi-permanent memory of the EEPROM or a similar type.

[0041] In a preferred variant of embodiment of the invention, and according to a second characteristic, the nonvolatile memory of the microchip has a particular hybrid—physical and logical—configuration. A permanent part of the ROM type and a re-programmable, semi-permanent part of the EEPROM type are provided. The bytes of the aforementioned public key are distributed between these two storage areas in the particular way explained below. The bytes must be present when the chip leaves the chip manufacturer.

[0042] The “probe” written bytes in the EEPROM part of the memory must be considered to be extremely sensitive, and in this respect, must be treated as security bytes.

[0043] For example, to illustrate the concept, we will consider a public key with a length of 768 bits (or 96 bytes). The latter resides completely in ROM. However, according to a preferred embodiment of the method according to the invention, one byte per block of twelve is intentionally stored in an erroneous way in the ROM type storage area, this erroneous value having been purposely written into the code stored in this ROM type part of the memory. The correct value of the byte in question is stored in the EEPROM type part. In this example, eight bytes (i.e., 96/12=8) must therefore be programmed into the EEPROM type part of the memory. This data is static, since a public key is not diversified.

[0044] In addition, an operation known as a “hash” is performed on 160 bits of the public key n. The result is stored in ROM, so that it can be verified with each utilization of the key n. To do this, an algorithm of the type known as “SHA-1” is advantageously used. This particular algorithm must therefore be installed in the smart card.

[0045] Associated with the particular storage of the public key n, the hash makes it possible to simultaneously guarantee the integrity of both the ROM and EEPROM type parts of the memory.

[0046] FIG. 1 schematically illustrates such a memory map of a smart card CP. In the example described, the storage means M specifically include a memory part 1 of the ROM type and a memory part 2 of the EEPROM type. Again in the example described, eight blocks of twelve bytes of digital data B₁ through B₈ representing the aforementioned public key n are stored in the “ROM” memory 1. In each of these eight blocks B₁ through B₈, there is an intentionally erroneous byte, arbitrarily the bytes O₁ through O₈. Eight correct bytes O′₁ through O′₈ corresponding to these erroneous bytes O₁ through O₈ are stored in the “EEPROM” memory 2.
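The hybrid storage and hash check of paragraphs [0043] to [0046] can be sketched as follows. This is an added example, not code from the patent; the position of the erroneous byte inside each block (`BAD_OFFSETS`), the way the wrong value is produced and the sample key are assumptions made for the illustration.

```python
import hashlib
import hmac

BLOCK_LEN, N_BLOCKS = 12, 8      # eight blocks B1..B8 of twelve bytes = 96-byte key n
# Assumed for this sketch: offset of the deliberately wrong byte inside each block.
BAD_OFFSETS = (3, 7, 0, 11, 5, 9, 2, 6)

# Constructed 96-byte sample value standing in for the public key n.
SAMPLE_N = hashlib.sha256(b"constructed sample key").digest() * 3


def provision(n_bytes: bytes):
    """Chip-manufacturer side: build the ROM image, the EEPROM bytes and the ROM hash."""
    if len(n_bytes) != BLOCK_LEN * N_BLOCKS:
        raise ValueError("public key must be 96 bytes")
    rom = bytearray(n_bytes)
    eeprom = bytearray()
    for block, offset in enumerate(BAD_OFFSETS):
        pos = block * BLOCK_LEN + offset
        eeprom.append(rom[pos])   # correct byte O'_i is probe-written to EEPROM
        rom[pos] ^= 0xA5          # erroneous byte O_i stays in ROM (any wrong value works)
    return bytes(rom), bytes(eeprom), hashlib.sha1(n_bytes).digest()


def load_public_key(rom: bytes, eeprom: bytes, rom_digest: bytes):
    """Card side: patch the ROM image from EEPROM, then check the SHA-1 kept in ROM.

    Returns the 96-byte key, or None when either memory area has been altered.
    """
    if len(rom) != BLOCK_LEN * N_BLOCKS or len(eeprom) != N_BLOCKS:
        return None
    key = bytearray(rom)
    for block, offset in enumerate(BAD_OFFSETS):
        key[block * BLOCK_LEN + offset] = eeprom[block]
    key = bytes(key)
    if not hmac.compare_digest(hashlib.sha1(key).digest(), rom_digest):
        return None               # integrity failure: refuse to use the key
    return key


if __name__ == "__main__":
    rom, eeprom, digest = provision(SAMPLE_N)
    print("key recovered:", load_public_key(rom, eeprom, digest) == SAMPLE_N)
    print("ROM image alone matches hash:", hashlib.sha1(rom).digest() == digest)
```

Because the hash covers the reassembled key, a change to a ROM block or to one of the eight EEPROM bytes makes the check fail.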

[0047] We will now describe the steps for the secure loading of a so-called fabrication key into the smart card.

[0048] The first phase of the method according to the invention consists in the authentication of the “SAM” vis-à-vis the smart card CP.

[0049] This phase specifically includes a step for the calculation by the “SAM” of a cryptogram, using an asymmetric secret key corresponding to the asymmetric public key n contained in the card. In practice, the key is composed of two first numbers, which will arbitrarily be called p and q. The asymmetric secret key of the “SAM” will arbitrarily be called K_(pq). In other words, the “SAM” is identified vis-à-vis the smart card CP and the latter recognizes its caller with the public key n.

[0050] As shown in FIG. 2, using an outgoing order O_(s), the “SAM” 3 retrieves from the smart card CP a sixteen-byte random number N_(aC). The number N_(aC) will hereinafter be called the “card random number,” and can be generated, for example, by the computing means of the smart card CP, in the example illustrated a microprocessor CPU. The “SAM” 3 also generates a sixteen-byte random number that will be called the “SAM random number” N_(aS).

[0051] A Rabin signature, which will hereinafter be named SR, is calculated by the “SAM” 3 on ninety-six bytes of data, referenced DSR. This data DSR can conform to the concatenation illustrated by FIG. 3, in order to reach the aforementioned ninety-six bytes:

[0052] a fifty-nine byte filler string DSR₁, having for example the following static configuration: 01, FF, . . . FF, in hexadecimal;

[0053] a five-byte so-called header string DSR₂ of the mutual authentication command; and

[0054] thirty-two bytes DSR₃, constituted by the concatenation of the aforementioned numbers N_(aS) and N_(aC).

[0055] The five-byte header string of the mutual authentication command, DSR₂, can advantageously be constituted by the contents of a command of the type known as an “APDU” if the smart card CP is read by a smart card reader using a protocol in accordance with the standards ISO 7816-1 through ISO 7816-4. More precisely, it can be the code associated with a loading instruction.

[0056] Referring again to FIG. 2, the Rabin signature SR and the random number N_(aS) are sent to the smart card CP by means of an input-output order O_(ES), indicating a mutual authentication. The “SAM” 3 alone is capable of generating this signature SR, since the secret key it stores is never divulged. The smart card CP verifies the Rabin signature using the asymmetric public key n that it stores, which makes it possible to authenticate the “SAM” 3.
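The first phase of paragraphs [0049] to [0056], as an added example that is not code from the patent: the SAM signs the 96-byte block DSR with a textbook Rabin signature (a square root modulo n = p·q) and the card checks it with one modular squaring. The header bytes, the order filler, header, N_(aS), N_(aC) and the handling of a DSR value that has no square root (the SAM simply draws a new N_(aS)) are assumptions of this sketch; the page does not specify them.

```python
import hmac
import secrets

FILLER = b"\x01" + b"\xff" * 58            # DSR1: fifty-nine bytes 01 FF ... FF
HEADER = bytes.fromhex("8050000020")       # DSR2: constructed placeholder 5-byte header


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test."""
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def prime_3_mod_4(bits: int) -> int:
    """Random prime with its two top bits set and congruent to 3 modulo 4."""
    while True:
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 3
        if is_probable_prime(c):
            return c


def generate_sam_key():
    """Return (p, q, n): the SAM keeps p and q, the card stores the 768-bit n."""
    p = prime_3_mod_4(384)
    q = prime_3_mod_4(384)
    while q == p:
        q = prime_3_mod_4(384)
    return p, q, p * q


def build_dsr(n_as: bytes, n_ac: bytes) -> bytes:
    """DSR = filler (59) + header (5) + N_aS (16) + N_aC (16) = 96 bytes."""
    if len(n_as) != 16 or len(n_ac) != 16:
        raise ValueError("random numbers must be sixteen bytes")
    return FILLER + HEADER + n_as + n_ac


def sqrt_mod_n(m: int, p: int, q: int):
    """Square root of m modulo p*q, or None if m is not a square (p, q = 3 mod 4)."""
    sp, sq = pow(m, (p + 1) // 4, p), pow(m, (q + 1) // 4, q)
    if (sp * sp - m) % p or (sq * sq - m) % q:
        return None
    return (sp * q * pow(q, -1, p) + sq * p * pow(p, -1, q)) % (p * q)


def sam_sign(n_ac: bytes, p: int, q: int):
    """SAM side: draw N_aS until DSR has a square root, return (N_aS, SR)."""
    while True:
        n_as = secrets.token_bytes(16)
        s = sqrt_mod_n(int.from_bytes(build_dsr(n_as, n_ac), "big"), p, q)
        if s is not None:
            return n_as, s.to_bytes(96, "big")


def card_verify(sr: bytes, n_as: bytes, own_n_ac: bytes, n: int) -> bool:
    """Card side: SR squared modulo n must equal the DSR rebuilt from the card's own N_aC."""
    if len(sr) != 96 or len(n_as) != 16 or int.from_bytes(sr, "big") >= n:
        return False
    recovered = pow(int.from_bytes(sr, "big"), 2, n).to_bytes(96, "big")
    return hmac.compare_digest(recovered, build_dsr(n_as, own_n_ac))


if __name__ == "__main__":
    p, q, n = generate_sam_key()
    n_ac = secrets.token_bytes(16)                 # card random number
    n_as, sr = sam_sign(n_ac, p, q)
    print("SAM accepted:", card_verify(sr, n_as, n_ac, n))
    print("replay against a new N_aC accepted:",
          card_verify(sr, n_as, secrets.token_bytes(16), n))
```

The card rebuilds the whole expected block rather than parsing the recovered one, so a signature captured for an earlier N_(aC) does not verify against a fresh one.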

[0057] The second phase of the method consists in the authentication of the smart card CP vis-à-vis the “SAM” 3, so as to complete the mutual authentication of the two entities.

[0058] From the secret master key K_(M) and from the aforementioned sixteen-byte random number N_(aC), the smart card CP generates a sixteen-byte symmetric, secret so-called session key K_(S), making it possible to calculate a cryptogram specific to the smart card CP.

[0059] Preferably, this secret session key K_(S), called an authentication key, is obtained by performing an encryption using an algorithm of the Triple DES type on both parts, N_(aC1) and N_(aC2), of the card random number N_(aC).

[0060] More precisely, the process for calculating the secret session key K_(S) is executed as illustrated by the diagram of FIG. 4.

[0061] As is well known, an encryption with an algorithm of the Triple DES type includes, in cascade, a first encryption using a key (in this case the secret master key K_(M)) via a direct DES, a second DES of the inverse type, and a third DES, also direct.

[0062] In the eight-byte “low-order” part N_(aC1) of the smart card random number N_(aC), the Triple DES is performed directly using three cascaded modules, referenced D₁₁, D₂₁ and D₃₁. The modules D₁₁ and D₃₁ receive, through their key inputs, the same key value, in this case the eight-byte “high-order” part K_(M1) of the key K_(M), while the module D₂₁ receives in its key input the “low-order” part K_(M2), also eight bytes. On output from the module D₃₁, the eight-byte “high-order” part K_(S1) of the secret session key K_(S) is obtained. This eight-byte word K_(S1) can be temporarily stored in a storage register or in a part of the RAM with which the smart card CP is normally equipped.

[0063] The part K_(S1) is re-injected through a first input of a logic circuit of the “exclusive-OR” type, referenced XOR. The latter receives, in a second input, the eight-byte “high-order” part N_(aC2) of the smart card random number N_(aC). The output of the logic circuit XOR is transmitted to the input of a Triple DES encryption chain. This Triple DES is performed using three cascading modules, referenced D₁₂, D₂₂ and D₃₂. As above, the modules D₁₂ and D₃₂ receive, through their key inputs, the same key value, in this case the eight-byte “high-order” part K_(M1) of the key K_(M), while the module D₂₂ receives in its key input the “low-order” part K_(M2), also eight bytes. On output from the module D₃₂, the eight-byte “low-order” part K_(S2) of the secret session key K_(S) is obtained. This eight-byte word K_(S2) can also be temporarily stored in a storage register or in a part of the RAM.

[0064] The secret key K_(M) can be present in ROM, or “probe” written in EEPROM, as mentioned above.

[0065] It is clear that the “exclusive-OR” logic operation can be performed by means of software instead of using a specific logic circuit XOR, by calling a routine stored in “ROM” memory 1, for example, under the control of the microprocessor CPU. Likewise, the “DES” and “DES⁻¹” operations are generally performed by means of algorithms stored in “ROM” memory 1, again under the command of the microprocessor CPU. The intermediate results are stored in registers or in RAM.

[0066] The “SAM” 3 is capable of calculating the same secret session key K_(S) in the manner just described, since the latter also stores the secret master key K_(M).

[0067] In an additional step, the smart card CP generates a byte string that will hereinafter be called the “card cryptogram” CC. The latter is obtained by encrypting the “SAM” random number transmitted to the smart card CP using the secret session key K_(S) that has just been calculated.

[0068] FIG. 5 illustrates the process. The latter is similar to the one that made it possible to calculate the secret session key K_(S). It can particularly use “exclusive-OR” and encryption functions in accordance with the Triple DES algorithm. Also, the elements in common with the preceding figures have the same references, and will be re-described only as necessary.

[0069] The “SAM” random number N_(aS) has been received from the “SAM” 3 and is temporarily stored in a register or other storage location. The eight-byte high-order part N_(aS1) of this random number N_(aS) is subjected to a Triple DES by the chain D₁₁ through D₃₁. However, it is first subjected to an “exclusive-OR” logic operation with an initial chaining value of eight bytes N_(j), of hexadecimal value “00,” by means of a first circuit XOR₁ (or by a software process). It is the output from this circuit XOR₁ that is transmitted to the aforementioned chain. The encryption key is the secret session key K_(S) calculated in the preceding step. More precisely, the key inputs of the “DESs” D₁₁ and D₃₁ receive the eight highest-order bytes K_(S1) of this key K_(S), and the key input of the DES D₂₁ receives the eight lowest-order bytes K_(S2).

[0070] This process makes it possible to calculate the eight highest-order bytes CC₁ of the cryptogram CC. These bytes CC₁ are re-injected as input into the Triple DES encryption chain D₁₂ through D₃₂ for the lowest-order bytes N_(aS2) of the “SAM” random number N_(aS), more exactly into one of the inputs of a second “exclusive-OR” circuit XOR₂, the first input receiving the eight lowest-order bytes of the random number N_(aS). It is the output from this circuit XOR₂ that is transmitted to the aforementioned chain. The key inputs of the “DESs” D₁₂ and D₃₂ receive the eight highest-order bytes K_(S1) of this key K_(S), and the key input of the DES D₂₂ receives the eight lowest-order bytes K_(S2). The output of the DES D₃₂ generates the eight low-order bytes CC₂ of the card cryptogram CC.

[0071] This cryptogram is transmitted to the “SAM” 3 by means of the input-output order O_(ES) (FIG. 2) for mutual authentication. At the end of this step, the “SAM” 3 can authenticate the smart card CP from the card cryptogram CC, since it has also calculated the session key K_(S), as mentioned above.
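The chaining of FIG. 4 and FIG. 5 as described in paragraphs [0058] to [0071], as an added example that is not code from the patent. DES is not in the Python standard library, so a labelled stand-in 64-bit Feistel cipher built on SHA-1 takes the place of each DES module (the byte values it produces are therefore not Triple DES values); the key-half wiring and the exclusive-OR chaining follow the text. Taking N_(aC1), N_(aS1) and K_(M1) as the first eight bytes of their sixteen-byte strings is an assumption.

```python
import hashlib
import hmac


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key8: bytes, half: bytes, rnd: int) -> bytes:
    return hashlib.sha1(key8 + bytes([rnd]) + half).digest()[:4]


def standin_encrypt(key8: bytes, block8: bytes) -> bytes:
    """Stand-in for a direct DES module: 4-round Feistel on 8-byte blocks (NOT DES)."""
    left, right = block8[:4], block8[4:]
    for rnd in range(4):
        left, right = right, xor(left, round_fn(key8, right, rnd))
    return left + right


def standin_decrypt(key8: bytes, block8: bytes) -> bytes:
    """Stand-in for an inverse DES module (exact inverse of standin_encrypt)."""
    left, right = block8[:4], block8[4:]
    for rnd in reversed(range(4)):
        left, right = xor(right, round_fn(key8, left, rnd)), left
    return left + right


def ede(key16: bytes, block8: bytes) -> bytes:
    """Cascade D1 (direct, first key half), D2 (inverse, second half), D3 (direct, first half)."""
    k1, k2 = key16[:8], key16[8:]
    return standin_encrypt(k1, standin_decrypt(k2, standin_encrypt(k1, block8)))


def chain(key16: bytes, data16: bytes) -> bytes:
    """Two chained cascades: the first output is XORed into the second input."""
    if len(key16) != 16 or len(data16) != 16:
        raise ValueError("key and data must be sixteen bytes")
    first = ede(key16, xor(data16[:8], bytes(8)))   # XOR1 with the 00 chaining value
    second = ede(key16, xor(first, data16[8:]))     # XOR / XOR2 with the first output
    return first + second


def derive_session_key(k_m: bytes, n_ac: bytes) -> bytes:
    """FIG. 4: K_S = K_S1 + K_S2, computed from N_aC under the master key K_M."""
    return chain(k_m, n_ac)


def card_cryptogram(k_s: bytes, n_as: bytes) -> bytes:
    """FIG. 5: CC = CC1 + CC2, computed from N_aS under the session key K_S."""
    return chain(k_s, n_as)


def sam_checks_card(k_m: bytes, n_ac: bytes, n_as: bytes, cc: bytes) -> bool:
    """SAM side: recompute K_S and CC from its own K_M and compare in constant time."""
    expected = card_cryptogram(derive_session_key(k_m, n_ac), n_as)
    return hmac.compare_digest(expected, cc)


if __name__ == "__main__":
    k_m = bytes(range(16))                  # constructed master key
    n_ac = bytes(range(16, 32))             # constructed card random number
    n_as = bytes(range(32, 48))             # constructed SAM random number
    cc = card_cryptogram(derive_session_key(k_m, n_ac), n_as)
    print("genuine card accepted:", sam_checks_card(k_m, n_ac, n_as, cc))
    clone = card_cryptogram(derive_session_key(bytes(16), n_ac), n_as)
    print("card without K_M accepted:", sam_checks_card(k_m, n_ac, n_as, clone))
```

With the initial chaining value at 00, both computations have the shape of a two-block cipher block chaining encryption with a zero initial value, which is why one `chain` function serves FIG. 4 and FIG. 5.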

[0072] The last step consists of loading said fabrication key K_(F) into the memory of the smart card CP, using a loading command C_(ch). This key K_(F) is protected by encryption by means of the secret session key K_(S), in a mode known as “CBC” (for “Cipher Block Chaining”).

[0073] If the loading command fails, the session key K_(S) is lost and a new mutual authentication is necessary, with a calculation of a new session key.

[0074] The loading command is signed by means of a Rabin signature by the “SAM” 3. FIG. 6 schematically illustrates the data DSR′ used to calculate a Rabin signature SR′.

[0075] In all, DSR′ comprises ninety-six bytes. In the example, DSR′ comprises three parts:

[0076] a header DSR′₃, advantageously an “APDU” command as in the case of FIG. 2;

[0077] encrypted data DSR′₂, or Do₁ through Do_(n), representing the fabrication key K_(F) (with n being the total number of bytes of the fabrication key K_(F)); and

[0078] static filler data DSR′₁, or x bytes, for example with the configuration: 01, FF . . . FF, in hexadecimal (the value of x is chosen so that the total number of bytes of DSR′ is equal to ninety-six).

[0079] Through the reading of the above, it is easy to see that the invention achieves the stated objects.

[0080] In particular, the loading of the fabrication key subsequently used to secure the steps for pre-initializing the smart card CP takes place with a very high level of security. The method makes it possible to load, into each smart card CP, its own key, or in other words a different key than the other smart cards.

[0081] However, although it allows this key diversification, the method does not make it necessary to resort to long and costly operations of the type indicated, known as “probe writing by the chip manufacturer.”

[0082] It should be clear, however, that the invention is not limited to just the exemplary embodiments explicitly described, particularly in connection with FIGS. 1 through 6.

[0083] As indicated above, although the Rabin algorithm is particularly advantageous, as it consumes few computing resources, this algorithm could be replaced by other types of asymmetric algorithms, such as “RSA.” The same goes for the algorithm of the Triple DES type. Other symmetric key algorithms can be used without going beyond the scope of the invention. This is merely a technological choice that is within the capability of one skilled in the art, and depends particularly on the precise application envisaged.

[0084] Likewise, the precise numerical values, the number of bytes or other elements, are indicated only to illustrate the concepts and do not in any way limit the scope of the invention. In particular, as is well known, the length of the encryption keys depends on the degree of security one expects to achieve, and can result from technological choices, for example linked to the standards in force and/or to the types of algorithms chosen.

[0085] Lastly, as indicated, the invention is not limited to smart card-based applications only. It can be applied in the context of any embedded system comprising a microchip or similar device, into which it is necessary to load a key for securing predetermined operations.

[0086] The operations in question can be pre-initialization operations, as described in detail, but also other types of operations.

[0087] For example, it is possible to subject sensitive commands from a so-called open smart card, such as the loading of libraries of the type known as “APIs” (“Application Program Interface”) or various codes, into the EEPROM part, to a mutual authentication between the loading device and the smart card, the mutual authentication process being executed according to the method of the invention.

[0088] In general, it is possible, from the smart card point of view, to assign a public key and a symmetric secret key to each type of operation to be secured. The session key derived during the authentication mechanism can subsequently be used to secure the loading of another key for a dedicated use, such as protecting libraries of the aforementioned “API” type or “patches,” i.e. the application of binary data to replace all or part of an existing program.

1. Method for secure loading of a key dedicated to securing a predetermined operation into storage means of a microchip of an embedded system, said dedicated key being contained in a security device that includes means for two-way communication with said microchip, characterized in that, said storage means (M) of said microchip storing a symmetric secret encryption key (K_(M)) and an asymmetric public key (n) and said security device (3) storing the same symmetric secret encryption key (K_(M)) and the asymmetric secret key (K_(pq)) corresponding to the public key n of said microchip, it comprises: a first phase consisting in the authentication of said security device (3) by said microchip (CP) and comprising the steps for the generation by the microchip (CP) of a first random number (N_(aC)) and its transmission to the security device (3), the generation by the latter of a second random number (N_(aS)) and a first cryptogram (SR) from said first (N_(aC)) and second (N_(aS)) random numbers by applying an asymmetric signature algorithm using said asymmetric secret key (K_(pq)), and its transmission to said microchip (CP) in order to perform said authentication of it by verification using said public key (n); a second phase consisting in the authentication of said microchip (CP) and comprising the steps for the generation by the microchip (CP) and said security device (3) of a secret, so-called session key (K_(S)) from said first random number (N_(aC)), by applying a symmetric encryption algorithm using said secret key (K_(M)), followed by the generation of a second cryptogram (CC) by applying a symmetric encryption algorithm using said secret session key (K_(S)) and its transmission to said security device (3) in order to perform said authentication by verification using said session key (K_(S)); and a phase for transferring said dedicated key (K_(F)), encrypted by said session key (K_(S)), into said storage means (M) of said microchip (CP).

2. Method according to claim 1, characterized in that said phase for transferring said dedicated key (K_(F)) is activated by a key loading command (C_(ch)), and is signed (SR′) by applying an asymmetric signature algorithm.

3. Method according to claim 1, characterized in that said asymmetric algorithm is the so-called Rabin algorithm.

4. Method according to claim 3, characterized in that said first (N_(aC)) and second (N_(aS)) random numbers have a length of sixteen bytes, and in that said first cryptogram (SR) is obtained by applying said Rabin algorithm to the concatenation of said first (N_(aC)) and second (N_(aS)) random numbers (DSR₃) having a first given number of bytes forming a header (DSR₂) and a second given number of so-called filler bytes (DSR₁), so that the total length of said concatenation (DSR) is ninety-six bytes, equivalent to the length of said public key (n).

5. Method according to claim 3, characterized in that said dedicated key (K_(F)) is encrypted (DSR′₂) by said secret session key (K_(S)) and is concatenated with a third given number of bytes (DSR′₃) forming a header, and a fourth given number of so-called filler bytes (DSR′₁), so that the total length of said concatenation (DSR′) is ninety-six bytes, and in that said concatenation (DSR′) is signed by applying said Rabin algorithm, before said transfer to said smart card (CP).

6. Method according to claim 1, characterized in that said asymmetric algorithm is the so-called Triple DES algorithm.

7. Method according to claim 6, characterized in that said first random number (N_(aC)) and said secret key (K_(M)) having a length of sixteen bytes, said step for generating said secret session key comprises: the application of said Triple DES to the eight lowest-order bytes (N_(aC1)) of said first random number (N_(aC)), with, in cascade, a direct DES (D₁₁) having as an encryption key the eight highest-order bytes of said secret key (K_(M1)), an inverse DES (D₂₁) having as an encryption key the eight lowest-order bytes of said secret key (K_(M2)), and another direct DES (D₃₁) having as an encryption key the eight highest-order bytes of said secret key (K_(M1)), in order to generate eight highest-order bytes of said secret session key (K_(S1)); the application of an “exclusive-OR” logic operation (XOR) between these eight highest-order bytes (K_(S1)) and the eight lowest-order bytes (N_(aC2)) of said first random number (N_(aC)); and the application of said Triple DES to the result of said logic operation with, in cascade, a direct DES (D₁₂), having as an encryption key the eight highest order bytes of said secret key (K_(M1)), an inverse DES (D₂₂) having as an encryption key the eight lowest order bytes of said secret key (K_(M2)), and another direct DES (D₃₂) having as an encryption key the eight highest order bytes of said secret key (K_(M1)), in order to generate eight lowest-order bytes (K_(S2)) of said secret session key (K_(S)), said highest-order bytes (K_(S1)) and lowest-order bytes (K_(S2)) together forming said secret session key (K_(S)).

8. Method according to claim 6, characterized in that, said second random number (N_(aS)) and said secret session key (K_(S)) having a length of sixteen bytes, said step for generating said cryptogram of the card comprises: the application of an “exclusive-OR” logic operation (XOR₁) between the eight highest-order bytes (N_(aS1)) of said second random number (N_(aS)) and eight static bytes with the hexadecimal value 00; the application of said Triple DES to the result of said logic operation, with, in cascade, a direct DES (D₁₁), having as an encryption key the eight highest order bytes of said secret session key (K_(S1)), an inverse DES (D₂₁) having as an encryption key the eight lowest order bytes of said secret session key (K_(S2)), and another direct DES (D₃₁) having as an encryption key the eight highest-order bytes of said secret session key (K_(S1)), in order to generate eight highest-order bytes (CC₁) of said second cryptogram (CC); the application of an “exclusive-OR” logic operation (XOR₂) between these eight highest-order bytes (CC₁) and the eight lowest-order bytes (N_(aS2)) of said first random number (N_(aS)); and the application of said Triple DES to the result of said logic operation with, in cascade, a direct DES (D₁₂), having as an encryption key the eight highest order bytes of said secret session key (K_(S1)), an inverse DES (D₂₂) having as an encryption key the eight lowest order bytes of said secret session key (K_(S2)), and another direct DES (D₃₂) having as an encryption key the eight highest-order bytes of said secret session key (K_(S1)), in order to generate eight lowest-order bytes (CC₂) of said second cryptogram (CC), said highest-order (CC₁) and lowest order (CC₂) bytes together forming said second cryptogram (CC).

9. Method according to claim 1, characterized in that, said embedded microchip system being a smart card (CP), said dedicated key is a so-called fabrication key (K_(F)) used to secure the pre-initialization operations of the smart card.

10. Embedded microchip system comprising data processing and storage means designed to cooperate with a security device via two-way communication means in order to receive a key dedicated to securing predetermined operations, characterized in that, said data storage means (l) storing a symmetric secret encryption key (K_(M)) and an asymmetric public key (n) and said security device (3) storing the same symmetric secret encryption key (K_(M)) and the asymmetric secret key (K_(pq)) corresponding to said public key (n), said microchip includes means for generating a first random number (N_(aC)) designed to be transmitted to said security device (3), means for receiving from the latter a second random number (N_(aS)) and a first authentication cryptogram (SR), generated from said first random number (N_(aC)) and a second random number (N_(aS)), by applying an asymmetric algorithm and using said secret key (K_(pq)), means (XOR, D₁₁-D₃₂) for generating a secret so-called session key (K_(S)) from said first random number (N_(aC)) by applying a symmetric algorithm and using said secret key (K_(M)), means for generating a second cryptogram (CC) from said second random number (N_(aS)) received from said security device (3) by applying a symmetric algorithm and using said secret session key (K_(S)), and means for receiving from said security device (3) said dedicated key (K_(F)), encrypted (DSR′₂) using said session key (K_(S)), and for storing it in said storage means (M).

11. System according to claim 9, characterized in that it is constituted by a smart card (CP) and in that said dedicated key is a so-called fabrication key (K_(F)), and in that said operations to be secured are operations for pre-initializing said smart card (CP).